All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1. ☒ This communication is responsive to the Appeal Brief filed on 5/29/2007.

2. ☒ The allowed claim(s) is/are 1-24.

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF
5. □ CORRECTED DRAWINGS (as "replacement sheets") must be submitted.

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review (PTO-948) attached
(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 
EXAMINER'S AMENDMENT

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Robert Frantz (Reg. No. 42,553) on August 28, 2007. 

The application has been amended as follows: 

1. Claims 4, 12, 17, and 20 are currently amended by virtue of this Examiner's 
Amendment as given below. 

Claim 4 (Currently Amended): 

A method for managing permission indicators for computer system protected 
objects comprising the steps of: 

providing in a computer readable medium a plurality of permission indicator 
containers in an access control list; 

associating a first set of permission indicators with a primary permission indicator 
container; [[and]] 

associating in a computer readable medium accessible by an authorization control 
system one or more additional sets of permission indicators with additional permission 
indicator containers, wherein said permission indicators are reused among said
containers such that permission indicators may be categorized and grouped logically to
control a number of unique permissions less than or equal to the product of a quantity of
allowable action indicators and a quantity of allowable action group tags; and

granting authorization to a requesting computer or program to perform
actions on said requested protected system resource according to said
permission indicators in said permission indicator containers.

Claim 12 (Currently Amended): 

A computer readable medium encoded with software for managing permission 
indicators for computer system protected objects, said software performing steps 
comprising: 

providing a plurality of permission indicator containers in an access control list; 
associating a first set of permission indicators with a primary permission indicator 
container; [[and]] 

associating one or more additional sets of permission indicators with additional 
permission indicator containers, wherein said permission indicators are reused among 
said containers such that permission indicators may be categorized and grouped 
logically to control a number of unique permissions less than or equal to the product of a 
quantity of allowable action indicators and a quantity of allowable action group tags;
and

granting authorization to a requesting computer or program to perform
actions on said requested protected system resource according to said
permission indicators in said permission indicator containers. 

Claim 17 (Currently Amended): 

An authorization system for extending and grouping actions and permissions for 
authorization of a requesting user to access or use a requested protected system 
resource in a computer system, said system comprising: 

a computer system; 

an access control policy disposed in a computer readable medium readable by 
said computer system and associated with said requested protected system resource, 
having a permission list of permitted identities and at least one action group tag with 
associated action indicators, wherein a finite quantity of action indicators are reused 
among a plurality of action group tags to control a number of unique permissions less 
than or equal to the product of the quantity of allowable action indicators and a quantity 
of allowable action group tags; 

a permission list evaluator cooperative with said computer system for 
evaluating an access control policy permission list according to a specific permission 
definition associated with said action group tag, said permission definition providing a 
correlation between members of a set of action indicators; and 

an authorization grantor cooperative with said computer system adapted to 
grant authorization to a requesting computer or program to perform actions on said 
requested protected system resource to said requesting user if said access control
policy permission list includes an appropriate action indicator correlated to an action 
group tag. 

REASONS FOR ALLOWANCE

1. Claims 1-24 are allowed.

2. The following is an examiner's statement of reasons for allowance: 

3. The aforementioned claims are allowed because the Cited Prior Art (CPA), 
Trabelsi (U.S. Patent Publication No. 2001/0056494 A1), does not teach or render 
obvious all of the limitations present in the independent claims 1, 4, 9, 12, 17, and 20, 
and the subsequent dependent claims. 

4. The CPA does not disclose "reusing a finite quantity of action indicators among a 
plurality of action group tags to control a number of unique permissions less than or 
equal to the product of the quantity of allowable action indicators and a quantity of 
allowable action group tags," as is recited in the independent claims. This allows for an 
extension of the finite number of ACL permissions for a security policy management 
system. The method accomplishes this task by using logical groupings using actions 
(action groups) to categorize the different actions, facilitating the management of 
actions. Furthermore, the method reuses a finite quantity of action indicators among a 
plurality of action group tags to control a number of unique permissions. 
The present invention addresses the following drawbacks of prior art security
mechanisms: 1) finite limitations on the number of policy permissions in an ACL entry, 
2) difficult management of permission groups, and 3) lack of a categorization of actions 
into action groups. 

Thus this invention delineates a method of extending and grouping actions and 
permissions by reusing a finite quantity of action indicators among a plurality of action 
group tags to control a number of unique permissions less than or equal to the product 
of the quantity of allowable action indicators and a quantity of allowable action group 
tags, and granting authorization to perform actions if, after evaluating the permission list 
according to the definition associated with the action group tag, the access control 
policy permission list includes an appropriate action indicator correlated to an action 
group tag. 
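
The scheme summarized above, as an added illustration that is not part of the application, the claims or the cited art: the same finite set of action indicators is reused under several action group tags, each tag's permission definition gives the indicators their own meaning, and the evaluator grants only on an indicator correlated to the requested action. The group names, indicator letters, action names and the `[tag]bits` entry syntax are assumptions made for this sketch.

```python
import re

# Hypothetical permission definitions: each action group tag gives the same
# reusable indicator letters its own meaning (assumed names throughout).
PERMISSION_DEFS = {
    "primary": {"r": "read", "w": "write", "x": "execute"},
    "backup":  {"r": "restore", "w": "snapshot", "x": "purge"},
    "audit":   {"r": "view-log", "w": "annotate-log"},
}
INDICATORS = "rwx"  # the finite set of allowable action indicators
_GROUP_RE = re.compile(r"\[([a-z]+)\]([a-z]*)")

def parse_entry(text):
    """Parse '[tag]bits[tag]bits' into {tag: set(bits)}; reject anything unknown."""
    groups, pos = {}, 0
    for m in _GROUP_RE.finditer(text):
        if m.start() != pos:
            raise ValueError(f"unparseable ACL text at offset {pos}")
        tag, bits = m.group(1), set(m.group(2))
        if tag not in PERMISSION_DEFS:
            raise ValueError(f"unknown action group tag {tag!r}")
        if not bits.issubset(PERMISSION_DEFS[tag]):
            raise ValueError(f"indicator not defined for group {tag!r}")
        groups.setdefault(tag, set()).update(bits)
        pos = m.end()
    if pos != len(text):
        raise ValueError(f"unparseable ACL text at offset {pos}")
    return groups

def is_authorized(acl, identity, action):
    """Grant only if the identity's entry holds an indicator that its action
    group's permission definition correlates to the requested action."""
    entry = acl.get(identity, {})  # identities not on the list are denied
    return any(PERMISSION_DEFS[tag].get(bit) == action
               for tag, bits in entry.items() for bit in bits)

def max_unique_permissions():
    # Upper bound stated in the claims: indicators x action group tags.
    return len(INDICATORS) * len(PERMISSION_DEFS)

def defined_permissions():
    return sum(len(d) for d in PERMISSION_DEFS.values())

# Constructed sample policy for one protected resource.
ACL = {
    "alice": parse_entry("[primary]rw[backup]r"),
    "bob":   parse_entry("[audit]r"),
}
```

Because a group need not define every indicator, the number of permissions actually defined (8 here) stays at or below the bound of 9, and the indicator `r` held under `audit` does not confer `read` from `primary`.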

5. Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Kaveh Abrishamkar whose telephone number is
571-272-3786. The examiner can normally be reached on Monday thru Friday 8-5.



Application/Control Number: 09/903,704

Art Unit: 2131

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz Sheikh, can be reached on 571-272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 